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(57) Abstract 

A secure client/server system (10) allows remote access to a database system (19a) without allowing tmauthorized users to access 
data stored widiin the database system (1^)- A server (17a) receives a request for data and a password from a client (14) located at a 
remote location. The server (17a) translates the request f r data into an appropriate query or queries and translates the password into a new 
password. The queries and new password are used by the server (17a) to retrieve data from databases (20a) associated with the server (17a). 
The server (17a) determines whether the user is authorized to retrieve the requested information and may restrict the queries or discard 
requested data such that the user does not gain access to unauth rized informaticm. The server (17a) may retrieve the requested data from a 
plurality of databases (20a, 20b. 20c, 20d). even when the databases (20a, 20b. 20c, 20d) utilize different protocols or are located remotely 
from die server (17a). 
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SYSTEM AND METHOD FOR SECURELY ACCESSING 
A DATABASE FROM A REMOTE LOCATION 

5 This document claims priority to and the benefit of the filing date of U.S. 

provisional appUcation entitled "CLIENT/SERVER SYSTEM AND METHOD 
FOR SECURING QUERIES TO A SERVER DATABASE,'' assigned serial 
number 60/090,576, and filed June 25, 1998, which is hereby incorporated by 
reference. This document also claim priority to and the benefit of the filing date of the 

10 following U.S. non-provisional applications: (a) serial no. 09/146,414, entitled 
"SYSTEM AND METHOD FOR SECURELY ACCESSING A DATABASE 
FROM A REMOTE LOCATION," and filed September 3, 1998; (b) serial no. 
09/146,41 1, entitled ^"SYSTEM AND METHOD FOR RESTRICTING 
UNAUTHORIZED ACCESS TO A DATABASE,'' and filed September 3, 1998; 

15 and (c) serial no. 09/146,404, entitled "SYSTEM AND METHOD FOR 

RESTRICTING ACCESS TO A DATA TABLE WITHIN A DATABASE," and 
filed September 3, 1998. Each of the foregoing non-provisional applications is 
incorporated herein by reference. 

BACKGROUND OF THE INVENTION 

20 FIELD Of THE INVENTION 

The present invention generally relates to data security systems and, in 
particular, to a system and method for preventing unauthorized access of a database 
that can be accessed remotely by authorized users. 

RELATED ART 

25 Current database systems store a variety of information, and it is often desirable 

to keep the information stored within many database systems private. Therefore, in 
many applications, it is important to allow only authorized users to access the 
information stored within a database system. Furthermore, it is often desirable for 
authorized users to access the information within the database system from remote 

30 locations. However, allowing access to database systems from remote locations 

EmMSTMlblfiUS 
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presents certain security concerns. For example, it usually becomes easier for 
unauthorized users, sometimes referred to as "hackers," to access information within 
the database system when remote access of the database system is allowed for 
authorized users. 

5 in this regard, if access to the database system is only provided through devices 

at the premises of the database system {i.e., remote access is not allowed), then access 
to the premises and, hence, the database system can be effectively limited to authorized 
users of the database system. However, if access to the database system from remote 
locations is siUowed, then it becomes easier for unauthorized users to gain access to the 

10 database system. 

For example, in many prior art systems, a server at the premises of the database 
system is utilized to enable remote access to the database system. To retrieve data 
from the database system remotely, an authorized user establishes communication with 
the server, and the server verifies that the user is an authorized user. For example, the 

15 server typically requires the user to enter a valid password before allowing the user to 
connect to the database system. If the user enters a valid password, then the server 
allows the user's computer (the client) to connect to the database system. The client 
then queries the database system through, for example. Structured Query Language 
(SQL) queries or other types of queries in order to retrieve the desired data from 

20 databases within the database system. 

Many times, the user is only authorized to access certain data within the 
database system. Therefore, the database system typically includes security features 
that restrict the user's access to certain colunms of information within the database 
system based on the user's password, which identifies the user. If the user subnvits an 

25 acceptable query (/.e., a query for information that is within the user's authorized 

data), then the database system retrieves the requested data and returns it to the client 
computer via the server. Remote access to at least a portion of the databsise system i- N 
thereby enabled. 

Since remote access to the server is necessary to allow the database system to 
30 be accessed at remote locations by authorized users, hackers typically are capable of 

2 
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establishing communication with the server associated with the database system. Once 
communication with the server is established, hackers often are prevented from 
connecting with the database system primarily through the security measures in place 
at the server that verify a user as being an authorized user. However, the security 
measures at the server are not always adequate. 

For example, a hacker might discover a valid password through a variety of 
hacking methods. One such method could include the interception of data 
commuTUcations between the server and an authorized user to discover a valid 
password. Even if the communications between the server and the authorized user are 
encrypted, current encryption techniques can sometimes be broken and deciphered by 
hackers. Therefore, a hacker can use the password to log on with the server and gain 
connectivity with the database system. Once connected to the database system, the 
hacker can then access any information within the database accessible to the password. 
Furthermore, the hacker can attempt to defeat the security measures in place at the 
database system to gain access to other information in the database system as well. 

Accordingly, providing remote access to database systems allows hackers, 
through a variety of methods, certain opportunities to access the data within the 
database system. As a result, many database systems containing sensitive or important 
information are either restricted from remote access entirely or allow remote access 
with the risk that a potential hacker can break into the database system and retrieve or 
manipulate the data therein. 

Thus, a heretofore unaddressed need exists in the industry for providing a more 
secure system and method of alloAving remote access to a database system. 

SUMMARY OF THE INVENTION 

The present invention overcomes the inadequacies and deficiencies of the prior 
art as discussed herein. In general, the present invention provides a system and 
method for securely accessing a database from a remote location. 

The present invention utilizes a client computer (client), a server computer 
(server), and a database system. The client establishes communication with the server 
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froir t remote location and submits a request for data to the server. The server 
traniv - . ;;s the request for data into a query for the database system. The server queries 
the database system with the translated query, and in response, the database system 
retrieves the requested data and transmits the requested data to the server. The server 

5 encrypts the requested data and transmits the encrypted data to the client. 

If part of the data requested by the client is not stored in the database system 
associated with the server, the server creates a request for data and sends the request 
for data to a remote server. The remote server translates the request for data into 
another query and queries a database system associated with the remote server. The 

10 remote server then transmits the data retrieved from the database system associated 
with the remote server to the server. The server then assimilates all of the retrieved 
data and transmits the retrieved data in encrypted form to the client. The server may 
query a plurality of remote servers in order to retrieve all of the information requested 
by the client. 

15 In accordance with another feature of the present invention, the client initially 

transmits a password to the server in order to identify the user of the client as an 
authorized user. The server translates the password into a different password (an 
"alias" password) and utilizes the alias password to gain access to the database system. 
In accordance with another feature of the present invention, the server 

20 transmits a new encryption key to the client each time the client establishes a data 
session with the server. Thereafter, the client and server encrypt all information 
communicated therebetween in the data session with the new encryption key. 

In accordance with another feature of the present invention, the server accesses 
a colunrui of information within the database system in order to retrieve the information 

25 requested by the client. The server determines which information within the column is 
inaccessible to the user based on predefined security information stored within the 
server. The server disceirds any information determined to be inaccessible for the user 
and transmits to the client only information determined to be accessible for the user. 
The present invention has many advantages, a few of which are delineated 

30 hereafter, as mere examples. 

4 
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An advantage of the present invention is that a database system can be remotely 
accessed. 

Another advantage of the present invention is that unauthorized access of a 
remotely accessible database system can be prevented. 
5 Another advzmtage of the present invention is that a database system can be 

remotely accessible without allowing unauthorized users to connect with the database 
system. 

Another advantage of the present invention is that information within a plurality 
of databases located remotely from each other can be accessed in a secured 
10 environment. 

Another advantage of the present invention is that data can be retrieved from a 
plurality of databases. This retrieval from a plurality of databases occurs transparently 
to the client. 

Another advantage of the present invention is that a client can retrieve data 
15 from a database without conforming to the protocol used by the database. 

Another advzmtage of the present invention is that an authorized user only 
gains access to certain information within the database system. 

Other features and advantages of the present invention will become apparent to 
one skilled in the art upon examination of the following detailed description, when read 
20 in conjunction with the accompanying drawings. It is intended that all such features 
and advantages be included herein within the scope of the present invention, as is 
defined by the claims. 

BRIEF DESCRIPTION OF THE DRAWINGS 

25 The invention can be better understood with reference to the following 

drawings. The elements of the drawings are not necessarily to scale relative to each 
other, emphasis instead being placed upon clearly illustrating the principles of the 
invention. Furthermore, like reference numerals designate corresponding parts 
throughout the several views. 

30 Fig. 1 is a block diagram illustrating a client/server system in accordemce with 
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the present invention. 

Fig. 2 is a block diagram illustrating a client computer system in accordance 
with the principles of the present invention. 

Fig. 3 is a block diagram illustrating a server computer system in accordance 
5 with the present invention. 

Figs. 4A and 4B depict a flow chart illustrating the functionality and 
methodology of the client server system of Fig. 1. 

TiF.TAn.FD DESCRIPTION OF THE INVENTION 

10 Fig. 1 depicts a client/server system 10 illustrating the principles of the present 

invention. Referring to Fig. 1 , a client 14 is configured to communicate with a server 
17a via communications network 18. The client 14 is preferably a computer system 
located remotely fi'om the server 17a, which is preferably a computer system as well. 
As used herein, the terms "remotely located" or "remote location" shall refer to a 

15 location separated fi*om the premises of a server 1 7a by an unsecure connection. An 
unsecure connection is any connection accessible by a hacker or unauthorized user. 
Examples of unsecure connections are, but are not limited to, Internet connections. 
Publicly Switched Telephone Network (PSTN) connections, cellular connections etc. 
The communications network 1 8 can comprise any conventional communications 

20 network or combinations of networks such as, for example (but not limited to), the 
PSTN, a cellular network, etc. Furthermore, the communications network 18, along 
with the client 14 and server 17a, may employ any protocol or combinations of 
protocols suitable for communicating information between the client 14 and the server 
17a. 

25 The server 17a is preferably associated with and connected to a database 

system 19a having at least one database 20a or 20b. The database system 19a is 
preferably any database system known in the art. Therefore, information stored within 
each database 20a and 20b can be accessed by the server 17a through known 
techniques. The database system 19a is preferably located on a premises of the server 

30 17a. 
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Referring now to Fig. 2, the client 17a preferably includes a control system 21 
for controlling the operation of the client 14. The client control system 21 along vnth its 
associated methodology is preferably implemented in software and stored in main memory 
22 of the client 14. Note that the client control system 21 can be stored and transported on 
5 any computer-readable medium for use by or in connection with a computer-readable 
system or method. In the context of this document, a computer-readable medium is an 
electronic, magnetic, optical, or other physical device or means that can contain or store a 
computer program for use by or in connection with a computer-related system or method. 
As an example, the client control system 21 may be magnetically stored and transported on 
10 a conventional portable computer diskette. 

The preferred embodiment of the client 14 of Fig. 2 comprises one or more 
conventional processing elements 25, such as a digital signal processor (DSP), that 
communicate to and drive the other elements within the client 14 via a local interface 26, 
which can include one or more buses. Furthermore, an input device 28, for example, a 
1 5 keyboard or a mouse, can be used to input data from a user of the client 1 4, and a screen 
display 29 or a printer 3 1 can be used to output data to a user. A disk storage mechanism 
32 can be connected to the local interface 26 to transfer data to and from a nonvolatile disk 
(e.g., magnetic, optical etc.). The client 14 can be connected to a network interface 33 
that allows the client 14 to exchange data with a network 34. 
20 Furthermore, as shown by Fig. 3, the server 17a, as does the nearly identical server 

1 7b, preferably comprises a computer system similar to the client 1 4. Similar to the client 
14, a control system 41 associated with the server 17a preferably controls the operations of 
the server 17a The server control system 41 along with its associated methodology is 
preferably implemented in software and stored in main memory 42 of the server 17a. Note 
25 that the server control system 41 can be stored and transported on any computer-readable 
medium for use by or in connection with a computer-readable system or method. 

Similar to the client 14, the preferred embodiment of the server 17a comprises one 
or more conventional processing elements 45, such as a digital signal processor (DSP), that 
communicate to and drive the other elements within the server 17a via a local interface 46, 
30 which can include one or more buses. Furthermore, an input device 48, for example, a 
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keyboard or a mouse, can be used to input data from a user of the client 1 4, and a screen 
display 49 or a printer 5 1 can be used to output data to a user. A disk storage mechanism 
52 can be connected to the local int^'&ce 46 to transfo data to and from a nonvolatile disk 
magnetic, optical, etc.). The server 1 7a can be connected to a network interfece 53 

5 that allows the server 1 7a to exchange data with a network 54. Furthermore, the server 
1 7a preferably maintains a password table 55 and a security data table 57 that can be 
accessed by the server control system 41 via local bus 46. The password table 55 and 
security data table 57 will be discussed in further detail hereinbelow. 

Referring again to Fig, 1, the client 14 is configured to establish communication 

10 with the server 17a through any suitable technique known in the art. For example, the 

client 1 4 can be connected to a modem 61 which establishes communication with a modem 
63 a connected to the server 17a. Once communication between the modems 61 and 63 a is 
established, the client 14 can communicate with the server 17a via communications 
network 1 8 and modems 61 and 63 a. However, it is suflScient for the purposes of the 

15 present invention that the client 14 be capable of communicating with the server 17a, and 
one skilled in the art should realize that communications dcNnces other than modems 6 1 and 
63 a (including modem 63b when communication with modem 17b is established) may be 
used to establish communication between client 14 and server 17a. Therefore, modems 61, 
63 a, and 63b are not necessary to implement the principles of the present invention. 

20 After establishing communication with the server 1 7a, the server 1 7a is designed to 

transmit a new encryption key to the client 14. As known in the art, the encryption key can 
be used to encrypt and decrypt data through known encryption techniques, such as DES 
encryption, for example. In order to securely transmit the new encryption key to client 14, 
the new encryption key is preferably encrypted through known encryption techniques (such 

25 as RS A encryption, for example) by the server 1 7a before transmitting the key to the client 
14. 

In this regard, the client 14 is designed to have a public encryption key and a 
corresponding private encryption key pursuant to RSA encryption standards. The client 14 
is configured to transmit the public encryption key to the server 17a when communication 
30 between the client 14 and server 17a are established. In response, the server 17a is 

8 
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d^gned to generate the new encryption key and to encrypt the new encryption key with 
the public k^ supplied by the client 14. The server 17a is then designed to transmit the 
enoypted new encryption key to the client 14 v^ch decrypts the new encryption key with 
the private k^. Thereafter, both the client 14 and the server 17a are designed to encrypt 
5 and decrypt all data transmitted therebetween with the new encryption key pursuant to 
known encryption/decryption techniques, such as DES encryption/decryption techniques, 
for example. 

Since a new encryption key is utilized for each new data session, attempts by 
unauthorized users to gain access to the database system 19a are fixistrated. In this regard, 

10 the server 17a identifies a user through the log name and password transmitted to the server 
17a as described hereinabove. If this data is not encrypted with a diflferent encryption key 
(/.a, a new encryption key unique to each data session), then the log name and password 
are transmitted in the same form for each data session. Therefore, hackers can more easily 
break the encryption scheme and/or "spoof the server 17a into allowing the hacker to gain 

15 access to the database system 1 9a. The hackers can "spoof the server 1 7a by intercepting 
the encrypted log name and password and transmitting a copy of the encrypted log name 
and password to the server 17a after establishing a data session with the server 1 7a. 

However, using a new encryption key for each data session causes the same data 
{e.g,, the log name and the password) to appear in a different form for each data session. 

20 Therefore, it is more difiScult to break the encryption scheme (i.e., discover the encryption 
key used to decrypt the data), and it becomes more diflficult to spoof the server 1 7a, since 
the server 17a is expecting a different form of the log name and password for each data 
session. Consequentiy, attempts by hackers to gain access to the database system 19a are 
frustrated by encrypting data with a new encryption key for each data session between the 

25 client 14 and the server 17a. 

As an alternative to encrypting the new encryption key with a public encryption key 
supplied by the client 14, the new encryption key can be encrypted according to a standard 
algorithm by the server 17a before being communicated to the client 14. The client 14 is 
preferably aware of the standard algorithm and is configured to decrypt the data sent from 

30 the server 17a via the standard algorithm in order to determine the new encryption key. 
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For example, the server 17a can be configured to transmit a plurality of encryption keys 
along with an index indicating -winch of the keys is the new enoyption key for the data 
session. The client 14 can be configured to process the index via the standard algorithm in 
order to determine which is the new ^cryption key. 

5 As an example, the index could be a code word indicating the placement of the new 

key within the plurality of keys (e,g,, indicating that the new key will be the tenth key 
transmitted by the server 17a)- In this case, the client 14 is configured to decode the coded 
index in order to determine the placement of the new encryption key. In this regard, the 
client 14 may include a predetermined table of code words in memory 22 (Fig. 2) where 

10 each code word is correlated with a particular placement value. Accordingly, the client 14 
can be configured to access the data table and to translate the coded index into the 
placement value of the new encryption key. Other algorithms may be employed for 
determining the new encryption key without departing fi-om the principles of the present 
invention. 

15 It should be noted that other types of encryption methodologies may be employed 

without departing fi"om the principles of the present invention. Regardless of the 
encryption methodology utilized, it should be desirable to encrypt data with a new or 
different key for each data session, as described hereinabove. 

After detemiining the new encryption key, the client 14 is designed to use the new 

20 encryption key to encrypt and transmit a predefined password and log name to the server 
1 7a. The predefined password is preferably unique to the user of client 14, and the 
password and log name together can be used to identify the user. The server 1 7a is 
configured to receive the log name and the password and to decrypt the log name and the 
password with the new encryption key. Then, the server 17a is configured to translate the 

25 password into a new password (an "alias" password) that identifies the user of the client 1 4 
to the server 17a. In order to implement the translation, the server 17a preferably maintains 
a password table 55 (Fig. 3). The password table 55 preferably includes an entry for each 
authorized user of the system 10, Each predefined password associated with a user is 
correlated with a particular alias password and with the log name of the user associated 

30 with the predefined password. Therefore, through techniques known in the art, the server 

10 
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17a can retrieve the aKas password from the password table 55 based on the pr^efined 

password and log name axpplied by the user of the client 14. 

After receiving the password from the client 14, the serwer 17a is configured to 

identify the user of the client 14 via the password and log name receivai by the server 1 7a. 
5 If the password supplied by the client 14 is not in the password table 55 or if the log name 

supplied by the dient 14 does not match the log name associated with the password in the 

password table 55, then server 17a is designed to identify the user as an unauthorized user. 

The server 17a preferably sends a message to the client indicating the nature of the problem 

and either terminates the data session or allows the user to reenter a new log name and/or 
10 password. 

Once the server 17a has identified the user of client 14 as an authorized user, the 
client 14 is configured to encrypt a request for data using the new encryption key and to 
transmit the encrypted request for data to the server 17a. The request for data can be of 
any form or can be in accordance with any protocol known to the server 17a. In the 

15 preferred embodiment, the request for data is a predetermined data word (/.e. , a code 
word) known to the server 1 7a. 

It should be noted that encryption of the request for data is not necessary for 
implementation of the present invention. This is especially tme when the request is a 
predetermined code word, since an unauthorized user should be unfamiliar with the code 

20 word and therefore unable to extract any useful information from the request. However, 
encryption of the request makes it more difficult for unauthorized users to retrieve 
information from the database system 19a in cases where the unauthorized user is able to 
spoof the server 17a or to discover a valid password. This is because the server 17a will 
not retrieve any information from the database system 19a unless a valid request is 

25 submitted to the server 17a, and encrypting the requests for data makes it more difficult for 
unauthorized users to discover valid requests for data. Therefore, encryption of the 
requests for data transmitted from the client 14 is not necessary but helps to ensure the 
overall security of the system 10. 

The server 17a is designed to receive the request for data and to decrypt the 

30 request for Hata using the new encryption key. Then the server 17a is designed to 

11 
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detennine whether the mformation requested by the request for data is accessible to the 
user {Le,, authorized for viewing by the user). In this regard, the server 1 7a preferably 
includes security information that indicates which data within the databases 20a and 20b are 
accessible to each user. For example, although other embodiments are possible, the 
5 security information can be stored in a security data table 57 in which each entry of the 

security data table 57 corresponds to a user and indicates which information is accessible to 
the user. Therefore, through techniques known in the art, the server 17a is designed to 
retrieve the entry in the security data table 57 corresponding to the user of client 14. Then, 
the server 17a is configured to determine whether the information requested by the client 
10 1 4 is accessible to the user of client 14. 

If the server 1 7a determines that the information requested by the client 1 4 is 
inaccessible to the user of the client 14, then the server 1 7a is configured to discard the 
request and to send a message to the client 1 4 indicating that access to the requested 
information is denied. However, if the server 17a determines that the requested 
15 information is accessible to the user of client 14, then the server 17a is configured to query 
the appropriate database 20a or 20b for the requested information. In this regard, the 
server 17a is preferably designed to translate the request for data into a structured query 
language (SQL) query or other known types of queries. As known in the art, structured 
query language is a database language for querying, updating, and managing databases. 
20 Since the server 17a is aware of the information requested by the client 14 via the request 
for data transmitted fi*om the client 14, the server 17a is able to create an appropriate SQL 
query or other types of well known queries through query generating techniques known in 
the art. Therefore, the server 17a is designed to connect to the database systrai 1 9a and to 
submit an appropriate query to retrieve the information requested by the client 14. As will 
25 be discussed in fiirther detail hereinafter, the server 1 7a is preferably configured to utilize 
the alias password associated with the user of the client 1 4 when accusing the databases 
20a and 20b within database system 1 9a. 

Alternatively, the server 17a can be configured to determine whether the user is 
authorized to access the requested data after the requested data is retrieved fi^om the 
30 database system 19a. For example, in embodiments where the request for data transmitted 

12 
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from the client 14 is an SQL query (or other type of query capable of retrieving data from 
the database system 19a), it is preferable that the swver 17a intercept the data retrieved 
from database system 19a and analyze the retrieved data for accessibility issues. After 
consulting the security data table 57, the server 1 7a is configured to discard any data 

5 determined by the server 17a to be inacces^ble to the user of client 14. 

It should be noted that portions of the data requested by the client 14 may be 
located in different databases 20a - 20d. Furthermore, each of databases 20a - 20d may 
have a different protocol for querying and retrieving data. For example, a portion of the 
data requested by the client 14 may be located in database 20a, and a portion of the data 

10 requested by the client 14 may be located in database 20b, which receives queries and" 

transmits data according to a different protocol than that of database 20a. As an example, 
database 20a may be an Oracle type database while database 20b may be a Microsoft 
Access type of database. The server 17a preferably is familiar with the protocols used by 
both databases 20a and 20b: Therefore, the server 17a generates a first query (pursuant to 

15 the protocol utilized by database 20a) to database 20a in order to retrieve a portion of the 
data requested by the client 14, and the server 17a generates a second query (pursuant to 
the protocol utilized by database 20b) to database 20b in order to retrieve another portion 
of the data requested by the client 14. Accordingly, the server 17a is capable of retrieving 
the Haf g^ requested by the client 14, even when the requested data is located in different 

4 

20 types of databases. 

If part of the information requested by the client 14 is located in a remote database 
system 19b associated with a remote server 17b, the server 17a is designed to create a 
request for data to be sent to the remote server 1 7b. Similar to the request for data 
transmitted from the client 14 to the server 17a, the request for data created by the server 

25 1 7a can be of any protocol known to the remote server 1 7b. In the preferred embodiment, 
the request for data is a data word (Le., a code word) recognizable to the remote server 
- 1 7b. To ensure the security of the request, the server 1 7a may be designed to utilize the 
same security features utilized by the server 17a in dealing with client 14. 

In this regard, the server 17a preferably retrieves data from the remote server 17b in 

30 the same way that client 14 retrieves data from the server 1 7a. Therefore, in response to 
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the session between the server 17a and the remote server 17b, the server 17a transmits 
a public CTcryption key to the remote server 17b. The remote server 17b generates a new 
encryption key for the data s^sion between the server 17a and the remote server 17b and 
encrypts the new encryption key with the public key supplied by the serva* 17a, The 
5 remote servo- 1 7b transmits the new encryption key to the server 1 7a, which decrypts the 
new encryption key with the private key corresponding with the public key sent to the 
remote server 17b. Thereafter, the servers 17a and 17b encrypt and decrypt all data 
transmitted therebetween with the new CTicryption key generated by the remote server 17b. 
The server 17a then encrypts the user's password and log name with the new 
10 encryption key generated by the remote server 17b and transmits the log name and 

password to the remote server 1 7b. The remote server 1 7b decrypts the password and log 
name with the new encryption key generated by the remote server 1 7b to verify that the 
requests transmitted by the server 1 7a are associated with an authorized user. The remote 
server 17b then translates the password into an alias password. The server 17a is designed 
15 to encrypt the request for data created by the server 17a and to transmit the request to the 
remote server 17b. The remote server 17b is configured to decrypt the request with the 
new key generated by the remote server 1 7b and to translate the request into an appropriate 
query, preferably an SQL query. 

Like the server 17a, the remote server 17b is then designed to verify that the 
20 requested information is accessible to the user. If the user may retrieve the requested data, 
then the remote server 1 7b is designed to translate the request into an appropriate SQL 
query and to query the remote database system 1 9b for the data requested by the server 
1 7a. When the remote server 1 7b receives the queried information fi'om database 20c or 
20d in the remote database system 19b, the remote server 17b is configured to encrypt the 
25 information with the new encryption key sent to the server 17a and to transmit the 
encrypted information to the server 17a. 

The server 1 7a may have to request information from multiple remote servers 1 7b 
in order to access all of the information requested by the client 14. Once, the server 17a 
has received all of the requested information, the server 17b is designed to assimilate all of 
30 the retrieved data into a form compatible with the client 14. Then, the server 1 7a is 

14 
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designed to encrypt the asamilated data with the new encryption key previously sent to the 
client 14 and to transmit the assimilated data to the client 14. 

The client 14 is designed to recdve the data transmitted from the server 1 7a and to 
decrypt the data using the new encryption key previously sent from the server 1 7a for the 
5 data session. The client 14 may then display the decrypted data to the user or process the 

data as may be desired. 

It should be noted that although each message transmitted between the client 14 
and server 17a is encrypted in the present invention, the encryption of each message is not 
necessary to implement the present invention. In this regard, any of the messages 
10 communicated between the client 1 4 and the server 1 7a can be without encryption, 
although the security of each message not encrypted may be compromised. 

OPERATION 

The preferred use and operation of the client/server system 10 and associated 
15 methodology are described hereafter with reference to Figs. 1 and 4. 

Initially, a user registers with the system 1 0 and receives a log name and a 
password. In addition, the password table 55 (Fig. 3) at each of the servers 17a and 
17b is updated with the password and the log name. In this regard, an entry is created 
in the password table 55 at each of the servers 1 7a and 17b, and the password and the 
20 log name are entered into the entry. Furthermore, an alias password is assigned to the 
user which is also input into the entry in the password table. Next, the security data 
table 57 at each of the servers 17a and 17b is also updated by creating an entry for the 
user that indicates which data in the database systems 19a and 19b may be accessed by 
the user. 

25 Once the user is registered with the system 10, the user may establish 

communication vAth one of the servers 17a or 17b, as shown by block 105 of Fig. 4A. 
Assume for illustrative purposes that the user via client 14 establishes conununication 
with the server 17a. As shown by block 108 of Fig. 4 A, the server 17a then generates 
and transmits a new encryption key for the current data session to the client 14. The 

30 cUent 14 receives this new encryption key and uses the new encryption key to encrypt 
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« 

the data communicated by the client 14 in the remainder of the data session. 

Preferably, the new encryption key is encrypted by server 17a before 
transmitting the new encryption key to the client 14. In this regard, the client 14 can 
be configured to transmit a public encryption key to the server 1 7a, through known 

5 encryption schemes, such as RSA encryption, for example. Before transmitting the 
new encryption key to the client 1 4, the server 1 7a encrypts the new encryption key 
with the public encryption key transmitted by the client 14. After receiving the new 
encryption key, the client 14 decrypts the new encryption key with a private key that 
corresponds with the public key used by the server 17a to encrypt the new encryption 

10 key. Thereafter, both the client 14 and server 17a have knowledge of the new 

encryption key and can encrypt/decrypt data treinsmitted therebetween with the new 
encryption key through known encryption schemes, such as DES encryption, for 
example. 

After receiving the new encryption key from the server 17a, the client 14 

15 encrypts the user's password and log name with the new encryption key and transmits 
the password and log name to the server 1 7a, as shown by block 1 1 1 in Fig. 4A. The 
server 1 7a receives and decrypts the log name and the password using the new 
encryption known by the client 14 and the server 17a. Utilizing a new encryption key 
unique for each data session frustrates attempts by hackers to spoof the server 17a with 

20 passwords and/or requests for data previously used in other data sessions. 

The server 17a translates the password into an alias pzissword by retrieving the 
alias password from the appropriate entry in the password data table 55, as depicted by 
block 1 14 of Fig. 4 A. The server 17a compares the log name transmitted by the client 
14 with the log name in the password data table entry corresponding v^th the 

25 password. If the log names match, the user of the client 14 is determined to be an 
authorized user. However, if the log names do not match, then the server 17a denies 
the client 14 access to the database system 19a. The server also sends the client an 
error message and terminates the data session, as shown by blocks 117 and 121 of Fig. 
4 A. Alternatively, the server 17a can be configured to aUow the client 14 to send 

30 another password and/or log name. 

16 
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Once the user is determined to be an authorized user, the user via client 14 
encrypts and sends the server 17a a request for data, as depicted by block 126 of Fig. 
4A, As mentioned hereinbefore, the request for data is preferably a data word or 
words indicating which data the user of the client 14 wishes to retrieve. In this regard, 

5 each data word is preferably a code word recognizable to the server 17a. Therefore, 
the client 14 preferably includes in memory 22 (Fig. 2) a list of code words that can be 
translated by the server 17a into a query to the database system 19a. The control 
system 21 (Fig. 2) preferably displays a list of options to the user through a menu or 
other type of suitable interface. The user selects a desirable option, and the control 

10 system 21 correlates the user's selection with the appropriate code word or words, 
which are then encrypted and transmitted to the server 1 7a. Alternatively, other 
techniques known in the art may be employed to generate a request for data by the 
client 14, 

As shown by block 129 of Fig. 4 A, the server 17a decrypts the request for data 

15 with the new encryption key and determines whether the user of the client 14 may 

access the requested data by consulting the security data table 57 (Fig. 3). If the client 
14 has requested data inaccessible to the user of client 14, then the server 17a sends an 
appropriate message to the client 14 and denies access to the inaccessible data, as 
shown by blocks 132 and 134 of Fig, 4 A. However, if the client 14 has requested 

20 accessible information, the server 17a translates the request into an appropriate SQL 
query (or other type of query compatible with the database system 19a) for retrieving 
the requested data from the database system 19a, as shown by block 139 of Fig. 4B. 

The server 1 7a then connects to the database system 1 9a using the alias 
password retrieved from the password table 55 for the user of the client 14 (assuming 

25 that the database system 19a is a secure system requiring a password for access). The 
•database system 19a, through techniques known in the art, then allows the server 17a 
to query for data that is determined by the database system 1 9a to be accessible for the 
alias password. After receiving an SQL query (or other type of query if SQL protocol 
is not being used) from the server 1 7a and determining that the SQL query is a request 

30 for accessible data, the database system 19a retrieves the daU requested by the SQL 

17 
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query and transmits this data to the server 17a. 

Since connectivity with the database system 19a is only established with the 
server 17a in the preferred embodiment, the database system 19a is isolated from 
outside sources (i.e., devices ofif of the premises of the server 17a), Accordingly, 

5 potential hackers are prevented from obtaining cormectivity with the database system 
1 9a, thereby frustrating attempts by the hackers to retrieve unauthorized data from the 
database system 19a. 

It should be noted that the translation of the user password into an alias 
password as described hereinabove provides an extra level of security. As previously 

10 mentioned, it may be possible for an unauthorized user to discover an authorized user's 
log name and password. Therefore, if the unauthorized user manages to obtain 
connectivity with the database system 19a through a server not associated with the 
system 1 0, the password used by the unauthorized user to access the database system 
19a should not be valid. This is because the database system 19a only recognizes the 

15 alias passwords cont^ed in the server 17a. Since the alias passwords are preferably 
not transmitted across connections off of the premises of the server 17a (/.e., across 
connections accessible to the public), it is difficult for an authorized user to obtain the 
alias passwords. Accordingly, connectivity to the database system 1 9a should be 
denied unless the server 17a supplies the database system 19a with an alias password 

20 after the server 17a determines that the user is authorized to access the database 
system 19a. 

It should be fiirther noted that many database systems 1 9a have the capability 
to restrict a user's view of a table within a database 20a - 20d to a particular column or 
columns, if desired. Therefore, when the user is connected to the database system 1 9a, 

25 the user can only see and retrieve data in a column accessible to the user. However, 
these database systems 19a typically fail to restrict the user's access of the data table 
according to the row number in the data table. Therefore, if a column includes both 
accessible data and inaccessible data, either the entire view of the column is blocked 
(thereby blocking access to the accessible information) or the column is accessible 

30 (thereby allowing the user to access or see the inaccessible information in the column). 

18 
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However, in the present invention, the server 17a preferably acts as a liaison 
between the database system 19a and the client 14, and the server 17a only returns the 
requested data that is accessible to the user. Therefore, if some information in a 
column of a data table in the database system 19a is accessible and if some information 
5 in the colunm is inaccessible to the user, the server 17a retrieves only the accessible 
information from the database system 19a, As a result, the requested information can 
be returned to the client 14 by the server 17a without the user of the client 14 gaining 
access to the other information {e.g., the inaccessible information) in the column of the 
data table. Therefore, the server 17a of the present invention effectively limits the 

10 user's access to data in a data table down to the column and the row number of the 
data tables in the database system 19a. 

There are numerous methodologies that the server 1 7a may employ to 
determine which rows are accessible to the user. For example, and in no way limited 
thereto, the security data table 57 may include predefined information indicating which 

15 rows within the database system 19a are accessible to a particular user. Therefore, 
before the server 17a issues a query to the database system 19a, the server 17a first 
consults the security data table 57 and determines whether the information requested 
by the client 14 is within rows accessible to the user of the client 14. If the server 17a 
determines that the information requested by the client 14 is within rows accessible to 

20 the user of the client 14, the server 17a submits a query to the database system 19a 

based on the request from the client 14. However, the server 17a discards any portion 
of the request from the client 14 that pertains to information determined to be 
inaccessible to the user of the client 14 before issuing a query. Therefore, only data 
that is accessible to the user of the client 14 is retrieved from the database system 19a 

25 in response to the request from the client 14. 

To fiirther illustrate the foregoing concept, assume that a data table in the 
database system 19a includes a plurality of rows and colunms. For example, and in no 
way limited thereto, each row in the data table can represent a store within a chain of 
stores owned by a particular corporation. In other words, all of the information within 

30 each row of the data table pertains to a particulcu* store within a chain of stores. Each 

19 
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column in the data table could correspond to a field of information relating to the 
stores in the delta table. As an example, the fields may respectively indicate the store's 
str^t address, zip code, total costs, total revenue, etc. 

Also, assume that it is desirable for a regional manager to only access the 
5 information in the data table pertaining to the stores within his region. In order to limit 
the manager's access to stores outside of his region, the security data table 57 may 
include an entry for the manager. In this entry, a list of all of the zip codes within the 
manager's region may be included. In other words, the zip codes may be used as an 
identifier to indicate which rows are accessible to the manager. 

10 Therefore, when the server 17a receives a request fi-om the client 14 for 

information within the database system 19a (when the manager is logged onto the 
client 14), the server 17a first consults the security data table 57 to determine which 
zip codes are accessible to the manager. Then, the server 17a restricts the query for 
only data that pertains to the accessible zip codes. In this regard, the server 17a inserts 

15 a "where" statement or an "if' statement to limit the data retrieved by the server 1 7a. 
For example, the query can be structured to return information fi-om a row in the data 
table only where or only if the zip code field for the row includes a zip code listed as 
accessible within the security data table 57 for the identified user. By restricting the 
data retrieved fi-om the data table in this way, the user can be prevented fi'om accessing 

20 the data within any of the rows within the data table. 

It should be noted that the server 1 7a can alternatively analyze the data 
retrieved from the database system 19a in order to restrict the user's access to certain 
rows of information. In this regard, the server 17a can consult the security data table 
57 after retrieving the data requested by the client 14 to determine whether the 

25 retrieved data is accessible to the user of client 14, and the server 17a can be designed 
to discard any row having a zip code not identified as accessible to the user via the 
security data table 57. Therefore, the client 14 only receives data associated with rows 
determined by the server 17a to be accessible to the user of client 14. Other similar 
methodologies for restricting the user's access to certain rows within the data tables of 

30 the database system 1 9a may be employed without departing from the principles of the 

20 
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Once the server 17a receives the data from the database system 19a, the server 
1 7a determines whether a remote server 1 7b has access to any of the requested data 
not included in the database system 19a, as depicted by block 142 of Fig. 4B. If so, 

5 the server 1 7a creates a request for data and submits the request for data to the 

appropriate remote server 17b just as the client 14 submitted its request for data to the 
server 17a, as shown by block 145. The remote server 17b may utilize some or all of 
the security features previously described for the server 17a. Therefore, after 
establishing a new encryption key for the data session between servers 17a and 17b, 

10 the server 17a transmits the user's log name and password to the remote server 17b. 
The remote server 17b verifies that the user is an authorized user and translates the 
password into an alias password. Then, the remote server 17b translates the request 
for data submitted by server 1 7a into an appropriate SQL query (or other type of 
query) for database system 1 9b. Using the alias password, the remote server 1 7b 

15 retrieves the requested data from database system 19b and transmits the requested data 
in encrypted form to the server 17a, as shov/n by blocks 147 and 149 of Fig. 4B. If the 
remote server 17b determines that any of the data is inaccessible to the user, the 
remote server 1 7b discards the inaccessible data before transmitting it to the server 
17a. 

20 After retrieving all of the requested data that is accessible to the user, the 

server 17a encrypts aU of the retrieved data and transmits the encrypted data to the 
client 14, as seen in block 155 of Fig. 4B. The client 14 receives and decrypts the 
information transmitted by the server 17a. As shown by block 158 of Fig. 4B, the 
client 14 then displays the information to the user of client 14 or otherwise processes 

25 the information as desired. 

Due to the security features described hereinabove, the databzise system 1 9a is 
effectively secured from access by unauthorized users. Therefore, remote access can 
be provided to remote clients 14 via the server 17a without jeopardizing the contents 
of the database systems 19a and 19b. 

30 In concluding the detailed description, it should be noted that it will be obvious 
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to those skilled in the art that many variations and modifications may be made to the 
preferred embodiment without substantially departing fi-om the principles of the 
present invention. All such variations and modifications are intended to be included 
herein within the scope of the present invention, as set forth in the following claims. 
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CLAIMS 

Now, therefore, the following is claimed: 

1 . A system (10) for preventing unauthorized access of database systems, 
comprising: a client (14) configured to transmit a request for data; a database (20a) 

5 configured to receive a query, to retrieve data associated with said request for data 
based on said query, and to transmit said data associated ^yith said request for data; 
and a first server (17a) configured to receive said request for data, to translate said 
request for data into said query, to receive said data transmitted from said database, to 
encrypt said data received from said database, and to transmit said encrypted data to 

10 said client. 

2. The system (10) of claim 1 , wherein said request for data is a predefined code 
word. 

15 3. The system (10) of claim 1, wherein said first server (17a) is configured to 
encrypt said data received from said database (20a) with a new encryption key 
transmitted to said client (14) from said first server (17a) in response said client (14) 
establishing a data session with said first server (17a), wherein said first server (17a) 
transmits said encrypted data to said client (14) during said data session. 

20 

4. The system (10) of claim 1, herein said client (14) is configured to transmit a 
password to said first server (1 7a), and wherein said first server (17a) is configured to 
translate said password into an alias password and to utilize said alias password to 
access said database (20a). 

25 

5. The system (10) of claim 1 , wherein said data retrieved by said database (20a) is 
stored within a column of a data table in said database (20a), and wherein said first 
server ( 1 7a) is further configured to determine whether said data retrieved by said 
database (20a) is accessible to said client (14) based on predefined security 

30 information stored in said first server ( 1 7a), to discard a portion of said data 
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determined to be inaccessible by said first server (17a), and to transmit a portion 
of said data determined to be accessible by said first server (17a). 



6. The system (10) of claim 1, wherein said first server (17a) is finther 

5 configured to transmit a second request for data based on said request for data 
transmitted firom said client (14) and \^erein said system (10) further comprises: 
a remote database (20c) configured to receive a second query, to retrieve data 
associated with said second request for data based on said second query, and to 
transmit said data associated with said second request for data; and a remote server 
10 (17b) configured to receive said second request for data, to translate said second 
request for data into said second query, to receive said data transmitted fi'om said 
remote database (20c), to encrypt said data received from said remote database (20c), 
and to transmit said data received firom said remote database (20c) to said first server 
(17a). 

15 

7. A method for preventing linauthorized access of a database systems, 
comprising the steps of: establishing communication between a client computer (14) 
and a first server (1 7a) computer; transmitting a first request for data from said client 
computer (14); receiving said first request for data at said first server computer 

20 (1 7a); subsequent to said receiving step, translating said first request for data into a 
query; querying a database (20a) with said query; retrieving data from said database 
(2()a) based on said query; encrypting said data retrieved from said database (20a) at 
said first server computer (17a); and transmitting said data retrieved from said 
database (20a) to said client computer (14). 

25 

8. The method of claim 7, finther comprising the steps of: transmitting a new 
encryption key from said first server computer ( 1 7a) to said client computer ( 1 4) in 
response to said establishing step; encrypting said first request for data at said 
client computer (14) with said new encryption key; and encrypting said data retrieved 

30 from said database (20a) with said new encryption key at said first server computer 
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(17a). 

9. The method of claim 7, further comprising the steps of: transmitting a 
password from said client computer (14) to said first server computer (17a);translating 

5 said password into a different password; and accessing said database (20a) via said 
different password. 

10. The method of claim 7, fiirther comprising the steps of: retrieving information 
from a column of a table within said database (20a) in response to said first request 

10 for data; analyzing said information at said first server computer (17a) to deterniine 
whether said information includes inaccessible data; discarding said inaccessible data 
at said first server computer (17a); and subsequent to said discarding step, 
transmitting a remainder of said information from said first server computer (1 7a) to 
said client computer (14), wherein said remainder of said information includes 

15 information from a row in said colunm and said inaccessible data includes information 
from another row in said colimm. 

11. A system (10) for preventing unauthorized access of database systems, 
comprising: a client (14) configured to transmit a user password; a first server (1 7a) 

20 configured to receive said user password and to translate said user password into a 

different password; and a database (20a) configured to receive said different password 
and to connect to said first server (17a) based on said different password. 

12. The system (10) of claim 11, wherein said server (17a) is configured to 

25 identify a user of said client (14) based on said user password and said database (20a) 
is configured to identify said user based on said different password. 

13. The system (10) of claim 1 1, wherein said database (20a) is located at a 
premises of said first server (17a) and said client (14) is located remotely from said 

30 first server ( 1 7a). 

25 
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14. The system (10) of claim 1 1, further comprising a password table having a 
plurality of entries, each entry of said plurality of entries correlating a resp^tive first 
password with a respective second password, said second password different than said 

5 first password, wherein said server (17a) is configured to access an entry in said 
password table based on said user password and to retrieve said different password 
fi-om said entry. 

15. The system (10) of claim 11, wherein said database (20a) is configured to 
10 determine whether a request for data is authorized based on said different password 

and to transmit data associated with said request for data in response to a 
determination that said request for data is authorized. 

16. The system (10) of claim 1 1, wherein said server (17a) is further configured to 
15 transmit said user password and wherein said system (10) further comprises: a remote 

server (1 7b) configured to receive said user password firom said first server 17a) and 
to translate said user password into a second different password; and a remote 
database (20c) configured to receive said second different password fi^om said remote 
server (1.7b) and to connect to said remote server (17b) based on said second different 
20 password. 

17. A method for preventing unauthorized access of database systems, comprising 
the steps of: transmitting a user password from a client computer (14) to a server 
computer (17a); translating said user password into a different password; utilizing 

25 said different password to access a database 920a) associated with said computer 
server (17a); retrieving data fi'om said database (20a); and transmitting said data to 
said client computer (14). 

18. The method of claim 17, further comprising the steps of: transmitting said 
30 user password from said server computer (1 7a) to a remote server computer (17b); 
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tratislating said user password into a second different password; and utilizing said 
second different password to acc^s a remote database {20c). 

19. The method of claim 17, further comprising the step of determining whether a 
5 current user of said client computer (14) is authorized to retrieve said data based on 

said different password, wherein said retrieving step is in response to a determination 
that said current user of said client computer (14) is authorized to retrieve said data. 

20. The method of claim 19, further comprising the step of: deciding whether said 
10 user is authorized to access information within said database based on said user 

password; and accessing said database (20a) in response to a determination that said 
user is authorized to access said information within said database (20a). 

21 . A system (10) for preventing imauthorized access of database systems, 

15 comprising: a cUent computer (14) configured to transmit a request for data; a 
server computer (17a) configured to receive said request for data, to retrieve data fi-om 
a colimm within a table of a database (20a) in response to said request for data, to 
transmit data associated with information stored within a row of said column in 
response to a determination that a user of said client computer (14) is authorized to 

20 access said row, and to discard data associated with information stored within another 
row of said colunm in response to a determination that said user is imauthorized to 
access said other row. 

22. The system (10) of claim 21, wherein said server computer (17a) is further 

25 configured to determine vsdiether said user is authorized to access each row within said 
column. 

23 . The system ( 1 0) of claim 2 1 , further comprising a security information table 
(57), said security information table (57) including a plurality of values indicating 

30 whether said user is authorized to access said rows of said column. 
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24. The system (10) of claim 23, \i\iierein said client computer (14) is remotely 
located from said server computer (14). 

5 25. A system (10) for preventing unauthorized access of databases, comprising: 

a client computer (14) associated with a user; a database (20a) 
configured to receive a query, to retrieve data stored in a column of a data table in said 
database (20a) based on said query, and to transmit said data; and a server computer 
(17a) configured to receive a request for data fi-om said client computer (14) and to 
10 receive said data, to determine whether said user is authorized to retrieve informaaon 
within a first row and a second row within said column of said data table, to transmit 
said query to said database (20a), and to restrict said query so that said server (17a) 
receives said information with said first row but does not receive said information 
within said second row in response to said query. 

15 

26. The system (10) of claim 25, wherein said database (20a) is located at a 
premises of said server computer (17a) and said client computer (14) is located 
remotely from said server computer ( 1 7a). 

20 27. A method for preventing unauthorized access of database systems, comprising 
the steps of: receiving a request for data from a client computer (14) associated with a 
user; retrieving data from a column within a table of a database (20a) in response to 
said request for data; determining that said user is authorized to access information 
stored within a first row of said column; determining that said user is unauthorized 

25 to access information stored within a second row of said colunm; transmitting data 
associated with said first row to said client computer (14); and discarding data 
associated with said second row. 

28. The method of claim 27, wherein said transmitting and discarding steps are 
30 based on said determining steps. 
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29. The method of claim 27, further comprisii^ the step of determining i^ether 

• said user is authorized to access information stored within each row of said column in 
response to said request for data. 

5 

30. The method of claim 27, wherein said detem^ning steps incliides the step of 
analyzing a first value corresponding with said first row and a second value 
corresponding with said second row, wherein said first value indicates whether said 
user is authorized to access said first row and said second value indicates whether said 

10 user is authorized to access said second row. 
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